Hi, the other day I came across reading
https://snyk.io/blog/ten-git-hub-security-best-practices/ If you look at number 4 they recommend to add a file at the root of a repository to describe how security incidents should be reported. What is your opinion on this? Do you have experience with it in other projects? In case we would introduce it, we would need to do some work on the infra (like generating keys for PGP). Looking forward to your replies Ryuno-Ki